Denis Joannides, CTO & FounderWith the rallying cry around API economy, more companies today are undergoing digital transformation opening up their data and services, exposing themselves to a wide array of sophisticated cyber attacks. Today, threats such as man-in-the-middle attacks, cross-site scripting and SQL injection attacks are resulting in the theft of identity of authentic users, exposing business critical data to unauthorized apps that endanger brands’ credibility and business prospects, putting their API initiatives in jeopardy. The current API security vendors are struggling to secure businesses due to the narrow API security approach and lack of consistent, comprehensive, and secure API architecture with combative security components. Helping businesses to excel in the digital era is Onegini with overarching security approach to secure not just the APIs HTTP endpoint but the interactions between the client and end user devices– including IoT devices–and APIs with provisions for auditing and non-repudiation throughput. “Onegini brings an added layer of security on top of API security infrastructure to protect end-to-end interactions between the business and the end-users’ mobile device,” says Denis Joannides, Founder & CTO, Onegini.
At the core of Onegini is the Mobile Security Platform (MSP). With an Application Security Framework, Token Server, and Security Gateway, and API Management, MSP provides a well-secured conduit for end-users to interact with business applications on mobile platforms, browsers, and desktop applications through validated APIs. MSP prevents identity theft with its Consumer Identity Management (CIM) functionality that protects the consumer identity by limiting the exposure of user credentials to trusted applications. This functionality takes standards-based authentication approach for efficient orchestration of APIs making them scalable and extensible. The Token Server manages the identity of users and devices by generating access credentials with appropriate permissions. The Security Gateway works in liaison with MSP to allow access to APIs granted for a client application and given identity. The gateway contributes for end-to-end API security by aligning the external security protocols with the internal ones.
Onegini brings added layer of security on top of API security infrastructure to protect end-to-end interactions between the business and the end-users’ mobile device
Unlike the existing API security solutions, Onegini’s API Management functionality has the capability to deliver protocol mediation and payload encryption that help in limiting the impact on existing services when exposing external APIs. This ensures trusted and governed practice to provide a secured path for allowing access to business data, services, and assets.
With the rise in identity theft of consumers engaging with business especially from the banking and financial services industry, biometrics technology is gaining wider acceptance to secure the transactions. With Onegini, every transaction is fool proof through the intelligent security measures including Identity Abuse detection, fingerprint login, Facial login, 2-Factor authentication, data and payload encryption, Tampering protection, source code protection, App hardening, and push notifications. As MSP does all the heavy lifting related to securing business APIs, data, and devices, developers can focus on building immersive user interfaces to drive consumer engagement. Businesses rely on MSP to develop secure and engaging mobile apps to deliver unique services and user experience while achieving faster time to market.
Onegini values the importance of collaborating with industry leaders to secure the world of mobile applications. To this end, it has been a valued member of FIDO Alliance, building synergy with an aim to simplify and improve authentication to make online transactions – secure and easy. The company also boasts strong partnerships with Samsung SDS, EyeVerify, and Infosys Finacle to improve the mobile security platform that helps businesses in building next generation of apps with guaranteed security.